A security flaw has been discovered in OFCMS 1.1.3
A SQL injection vulnerability exists in the Query function of the SystemParamController class in OFCMS 1.1.3, which can be exploited by manipulating JSON query interface data. This can lead to unauthorized data access or modification. The vulnerability can be triggered remotely.
A security flaw has been discovered in OFCMS 1.1.3. Impacted is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SystemParamController.java of the component JSON Query Interface. The manipulation results in sql injection. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
OFCMS 1.1.3 users are at medium risk of unauthorized data access or modification via remotely triggered SQL injection exploits.
Monitor & Review
Low severity — keep this CVE on your radar and patch during routine maintenance.
What should I do?
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
0
Affected Products
5
References
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Exploitability
Impact